Sambitraj Student Management System Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in version 1.0 of Sambitraj Student Management System. The issue arises in the Dashboard Page component, where an unknown function fails to properly sanitize the 'Name' argument. This oversight allows for the injection of malicious scripts, which are executed when the dashboard is viewed. The vulnerability can be exploited remotely, and although the project has been notified, no response has been received.

Impact

Successful exploitation results in stored cross-site scripting: the injected scripts execute in the context of the user viewing the dashboard.

Reproduction

To reproduce this vulnerability, first insert a malicious payload into the 'name' field of a student record, using the unauthorized data insertion vulnerability or the unauthenticated addStudent endpoint. Then, log into the application and navigate to the admin, student, or teacher dashboard. The injected script will execute in the browser, demonstrating the cross-site scripting vulnerability.
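
Output encoding of the stored 'name' value at render time, plus an audit of records already saved, as an added example that is not the project's code. The record shape and all function names are assumptions, since the page does not show the application's source.

```javascript
// Added example. Record shape and function names are assumptions; the
// application's real rendering code is not shown on the page.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode for HTML element content and quoted attribute values only.
// Script, style and URL contexts need their own encoders.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name reaches the markup unchanged.
function renderRowUnsafe(student) {
  return `<tr><td>${student.id}</td><td>${student.name}</td></tr>`;
}

// Hardened pattern: every stored field is encoded at output time.
function renderRowSafe(student) {
  return `<tr><td>${escapeHtml(student.id)}</td><td>${escapeHtml(student.name)}</td></tr>`;
}

// Audit: records already stored whose name carries angle brackets, to be
// reviewed after the fix. Apostrophes and ampersands occur in real names
// and are not flagged.
function findSuspectNames(students) {
  return students.filter((s) => /[<>]/.test(String(s.name)));
}

// Constructed sample records (not taken from any real system).
const SAMPLE_STUDENTS = [
  { id: 1, name: "Asha O'Neil" },
  { id: 2, name: '<script>alert(1)</script>' },
];

for (const s of SAMPLE_STUDENTS) {
  console.log(renderRowSafe(s));
}
console.log('needs review:', findSuspectNames(SAMPLE_STUDENTS).map((s) => s.id));
```

Encoding at output covers every path by which a name can reach storage, including the unauthenticated addStudent endpoint mentioned above.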

Added: May 30, 2026, 8:18 AM
Updated: May 30, 2026, 8:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.